Nowadays, data security and operational integrity are regarded with utmost importance. As more transactions become digital, it is imperative that data protection and system controls are in place to ensure the integrity of the end user’s digital identity.
Hence, the American Institute of Certified Public Accountants (AICPA) established the SOC 2 compliance guidelines. This article explains what SOC 2 compliance means and how it benefits customers.
Service Organization Control Type 2 (SOC 2) Compliance is a voluntary process in which third-party auditors evaluate whether your establishment’s service commitments and system requirements are achieved based on the applicable Trust Services Criteria (TSC).
The TSC are as follows:
SOC 2 auditors checked and confirmed the integrity of security implemented for Shared Contacts for Gmail’s hardware, software, database, network, and personnel.
The audit verified the security of the customers’ data encryption at rest and in transit. Processes are in place to protect encryption keys during generation, storage, use, and destruction.
The auditors substantiated that the company’s application uptime is continuously monitored for availability. This ensures that the customers enjoy our services continuously. In the event of interruptions or other issues, they can be addressed immediately.
SOC 2 compliance ensures that our organization develops and maintains a disaster recovery plan to recover quickly from any unexpected events.
It is verified that we use a minimal number of third-party tools and that every installation of new software undergoes a strict security clearance, including filtering for trojans or spyware.
The audit assesses our organization’s resilience to operational disruptions by identifying potential weaknesses in the process. It also promotes the adoption of best practices and process improvements.
SOC 2 compliance affirms that our development and support teams can impersonate users and access their contacts only upon the customer’s request solely for troubleshooting and support purposes.
Company Data Protection
Data assets containing customer and confidential information are identified and protected. The security audit also ensured that data was properly disposed of at the end of the contract agreement.
The auditors affirm that our commercially reasonable measures comply with the TSC. It was also observed that we follow generally accepted standards to protect the information you provide us, both during transmission and once we receive it.
SOC 2 compliance confirms that your data is never used for advertising or transferred to other apps without your explicit consent.
SOC 2 compliance verified that Shared Contacts for Gmail’s data handling and process controls adhere to strict information security policies and procedures. This is valuable for our customers in the following ways:
SOC 2 provides the external validation that Shared Contacts for Gmail clients have their data processed in strict accordance with the company’s privacy policy.
SOC 2 compliance requires adequate control over data. Passing the audit means a reliable risk mitigation and data recovery system is in place.
Additionally, the possible data breach points or security incidents were minimized due to the comprehensive review of the internal processes.
The auditors affirm that the accuracy, completeness, and quality of data are maintained over time. Contacts are retrieved only for synchronization purposes and are immediately hashed.
The SOC 2 attestation provides reasonable assurance that our organization’s service commitments and system requirements were achieved. It helps assure clients that our service is highly reliable.
Shared Contacts for Gmail clients who are SOC 2 compliant or planning to undergo the audit can declare to their auditors that their contact management vendor is already SOC 2 attested.
Shared Contacts for Gmail underwent the SOC 2 compliance audit to guarantee the security of our customers’ data. This process involved implementing stringent controls and practices across several key areas to ensure the highest levels of data protection and operational integrity.
As a contact management application, we are pleased to report that our service meets the security, availability, confidentiality, processing integrity, and privacy standards of an established authority on cybersecurity like AICPA.